[Git][security-tracker-team/security-tracker][master] Marked several frr CVEs as no-dsa (minor issue).
Ola Lundqvist (@opal)
opal at debian.org
Wed Jun 14 20:18:28 BST 2023
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5f1c2c5 by Ola Lundqvist at 2023-06-14T21:15:15+02:00
Marked several frr CVEs as no-dsa (minor issue).
This follows the practice for similar CVEs in the past for the same package.
They are all Denial of Service class and there are plenty of those that were marked as
minor issues in the past for this package.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3588,11 +3588,13 @@ CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.1
NOT-FOR-US: Chamilo LMS
CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
- frr <unfixed> (bug #1036062)
+ [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13099
NOTE: https://github.com/FRRouting/frr/pull/12454
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802
CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
- frr <unfixed> (bug #1036061)
+ [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13098
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce
CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...)
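Review bot: The two added lines under CVE-2023-31490 and CVE-2023-31489 are scoped to "[buster]" only, but the commit message says just "several frr CVEs" and never names the release. Naming buster in the commit subject would let someone reading the log see which suite was triaged without opening the diff. The "- frr <unfixed>" lines are left as they were, so other suites remain open, which looks intended.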
@@ -48757,7 +48759,8 @@ CVE-2022-43682
RESERVED
CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
- frr <unfixed> (bug #1035829)
- NOTE: https://github.com/FRRouting/frr/issues/13427
+ [buster] - frr <no-dsa> (Minor issue)
+ NOTE: <https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
NOTE: Fixes for CVE-2022-43681/CVE-2022-40318/CVE-2022-40302:
NOTE: https://github.com/FRRouting/frr/commit/1117baca3c592877a4d8a13ed6a1d9bd83977487 (base_8.4)
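Review bot: The re-added NOTE line under CVE-2022-43681 picks up a stray "<" before the URL ("NOTE: <https://github.com/FRRouting/frr/issues/13427") with no closing ">", while the line it replaces had none. Drop the "<" so the entry matches the other NOTE lines and the same issue link under CVE-2022-40318 and CVE-2022-40302. That would also reduce this hunk to a single added "[buster]" line like the others.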
@@ -58032,6 +58035,7 @@ CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct
NOT-FOR-US: LISTSERV
CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
- frr <unfixed> (bug #1035829)
+ [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
NOTE: Fixes for CVE-2022-43681/CVE-2022-40318/CVE-2022-40302:
@@ -58101,6 +58105,7 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
- frr <unfixed> (bug #1035829)
+ [buster] - frr <no-dsa> (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13427
NOTE: https://github.com/FRRouting/frr/issues/13480
NOTE: Fixes for CVE-2022-43681/CVE-2022-40318/CVE-2022-40302:
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5f1c2c585360bcb3c29348b6c4806ad3d661b7d